RBAC and API Keys

DevOps teams often need to utilize API capabilities, while staying within the organization’s RBAC policies. This is especially true when there are self-service users orchestrating complex deployments.

To that end, we’re releasing new functionality that allows you to generate and maintain role-based access to API keys–providing you the safety of RBAC alongside the convenience of API services.

Now, your team can create limited-permission API keys that can be used to fix things like orphaned environments without you having to provide org-wide admin access. More importantly, this allows you to enforce user-level RBAC permissions via API.

Creating a Limited-Access API Key

Organization admins can create  non-admin API keys, which are then assigned to teams and specific projects.

Under “Organization Settings” you’ll see the column “Role”, which states the type of the API key and is interchangeable between admin and user.

During creation of an API key with the “User” role, your Admin will be able to assign the key to specific projects. After creation, the Admin will be able to assign the key for a team.

‍

If you’re looking to utilize the convenience of API Keys while maintaining the security of your current RBAC Policies, env0’s new Non-Admin API Key feature solves just this.